Foundstone is finding vulnerabilities on the MVM server itself. Client did a scan of the MVM appliance and it came up with vulnerabilities.McAfee support answer they got was a) the MVM needs to able to access the internet to update itself (it is) b) you shouldn’t be scanning your MVM appliance (which is just plain stupid as an answer). This is not a major issue but strange that the actual unit is coming up with vulnerabilities.

Well technically support was correct but it could have been explained better.

If the appliance doesn't have access to download sus updates to patch the OS from the Internet then yes any new vulnerabilities that are discovered since the release of the appliance will not be patched.

When support said you shouldn't scan the MVM Appliance what they meant is that you shouldn't scan a scan engine with itself. Example: If the IP Address of your scan engine was 300.1.3.5 you would not want to scan IP Address 300.1.3.5 from that engine. You can scan IP 300.1.3.5 from any other engine though.

Just had a case open for this. Appliances get SUS updates from McAfee (KB search helps for the URL), software installations on W2K3x and W2K8x will get them from Microsoft. Same for SQL. Appliance = McAfee, software installation from Microsoft.